Blind SQL Exploit?

This topic contains 1 reply, has 2 voices. Last updated by Cristián Lávaque 4 years, 1 month ago.

Topic Author	Topic
Posted: Saturday Nov 17th, 2012 at 4:41 am #31868
Chris MB Username: chrismb
Hi, I’ve run a thorough scan for exploits and vulnerabilities to my site via Detectify.com. It has come back with a “Blind SQL Exploit” with S2Member that it rates as a 9.3/10 in terms of seriousness. It states: Description: Could be abused to either extract specific data, possibly execute operating-system commands, read/write local files, or to put the server in a Denial- of Service condition. URL: http://redacted.com/membership/?_s2member_seekingtype=ruri&_s2member_seekingruri=L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==&_s2member_seeking_uri=L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==’OR(IF((@DTFYB02D65373A25/!IS/NULL),SELECT(@DTFYB02D65373A25:=BENCHMARK(22000000,SHA1(0xDE7EC71F1)))),0))OR’&_s2member_req[type]=level&_s2member_req[level]=0&_s2member_res[type]=ruri&s2member_seeking=ruri-L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==&s2member_level_req=0 I’ve obviously redacted my domain name. Now, I have no idea whether this is the case or just a false positive, but I’d be very grateful if someone could look into this. Thanks

Viewing 1 replies (of 1 total)

Author	Replies
Author	Replies
Posted: Sunday Nov 18th, 2012 at 7:52 am #31919
Cristián Lávaque Username: Cristian
Hi Chris. Those variables aren’t used by s2Member at all, so that code wouldn’t get executed. They are there for the site owner to use if he wants to. You can read about them here: [hilite path]Dashboard -› s2Member® -› API / Scripting -› Membership Options Page Variables (MOP Vars)[/hilite] I hope that helps. :)

Viewing 1 replies (of 1 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.